Cipher X® 7220 Network Encryption

Cipher X 7220 IP Encryption

Network Security Device with KEYNET Network Security Manager

The Cipher X 7220 Network Security Device is the 10 Gb/s model of the family of TCC Cyber Security Appliances. The Cipher X 7220 is ideally suited for global Ethernet networks with high performance requirements. It integrates seamlessly into existing networks without degrading performance. Its hardware-based Layer 2, 3 and 4 encryption engines encrypt and decrypt outbound and inbound traffic at full wire speed. Its powerful Security Policy management sets the criteria for encrypting, blocking or passing traffic through.

Product Benefits

  • 10 Gb/s Full Duplex Wire Speed Encryption
  • Layer 2/3/4 Network Security Device
  • Native AES-256 Symmetric Key Encryption
  • Customizable National Algorithm Encryption
  • Security Policy management criteria for encrypting, decrypting, blocking or passing-through traffic, based on:
    - VLAN tags
    - Source & Destination addresses
    - Protocol and Port numbers
  • Multi-layer key and device management

Cipher X Network Security Family

The Cipher X 7220 is the 10 Gb/s model of the family of TCC Cyber Security Appliances. The Cipher X 7220 brings a higher performance encryption solution to networks that need multi-Gigabit performance. Fully interoperable with the Cipher X 7210 and 7211, the Cipher X family offers network security from 1 Gb/s up to 10 Gb/s.

Network Encryption Solution Seamlessly Overlays on Networks

The Cipher X 7220 enables data to securely transit networks over fiber, satellite or microwave, including multicast applications such as secure video conferencing. The wire speed Cipher X 7220 is a tunnel-less Layer 2, 3 or 4 solution which overlays on top of existing or new networks — no network architecture changes are required.

Optimum Flexibility and Scalable Performance

The Cipher X 7220 is highly flexible, supporting a broad array of network applications and security requirements. The Security Policy Manager sets the criteria for the treatment of network traffic based on users operational requirements. Users can define encryption, blocking or plain pass-through treatment of traffic based on VLAN tags; Source & Destination addresses, Protocol and Port numbers.

The Cipher X 7220 is a 10 Gb/s Cyber Security Appliance. Used in conjunction with the Cipher X 7210 (100 Mb/s) and 7211 (1 Gb/s) network security appliances, the Cipher X family provides the flexibility and scalability to meet evolving business needs.

Network Encryption with Superior-Grade Security

The Cipher X 7220 is a FIPS 140-2 Level 3 designed encryption solution with multiple layers of protection. The AES 256-bit algorithm in Galois Counter Mode provides superior-grade encryption and authentication. TCC's National Algorithm Support Program (NASP) is available for algorithm customization.

A three-tier symmetric key management architecture integrating the Cipher X 7220 and KEYNET Network Security Manager maximizes network security. The Cipher X 7220's embedded key vault processor securely manages system security parameters, generates local data encryption keys and ensures cryptographic integrity, while KEYNET Network Security Manager provides security configuration and key management.

KEYNET for IP Encryption Management

Security Policies

CipherONE® Security Policy management allows users to set infinite individual Security Policies for the Cipher X 7220 Policy Enforcement Engine to encrypt, block or pass-through traffic, based on the Ethernet Frame and IP Packet headers information, including VLAN tags; Source & Destination addresses; Protocol and Port numbers. Policies can be Point-to-Point, Global, or Single-Ended to easily secure unicast or multicast traffic.

Cipher X 7220 Policy Enforcement Engine

Network Encryption with Cipher X 7220

Technical Specifications


  Operates at Layer 2/3/4

  Configurable wire speed performance from 1 Gb/s to 10 Gb/s

  Seamless integration with Ethernet networks

  Interoperates with Cipher X 7210 and 7211 encryptors

  Tunnel-less encryption solution

  IPv4/IPv6 capable

  Secures unicast or multicast traffic

  Secures public/private networks using NAT/PAT

  Supports jumbo frames to 9000 bytes

  Basic firewall function (packet filter)

  Helps protect against denial of service attacks


 (2) 10 Gb/s SFP+ ports (Red/Black)

 (1) 10/100/1000 BASE-TX (Management)

 Local serial console port

 SmartModule key fill port

Device Management

 Local device control with Command Line Interface

 Centralized management with KEYNET Network Security Manager

 Encrypted, authenticated SNMP management messaging with secure TCC extensions

Data Encryption

 AES-256 – standard

 Customizable National algorithm

Key Management

 Symmetric key with three-tier secure key management infrastructure

 Lossless data encryption key change

 SHA-256 integrity and authentication


 Operational Temperature: 0°C to +50°C at 1800m and 85% RH

 Storage Temperature: -20°C to +70°C

 Humidity: 20% to 85% RH, non-condensing

Prime Power

 Hot-Swappable Dual AC power supplies

100V – 240 VAC, 50 – 60Hz


 1RU standard 19" rack mountable with removable rack mount ears


 Designed to FIPS 140-2, Level 3

 FCC Part 15, Class B

 EN/UL 60950-1

 EN55022, EN55024


 Access control and anti-tamper design


TCC is dedicated to quality products and services. TCC is ISO 9001 certified. ISO 9001, granted to TCC by TUV, is the most stringent standard available for total quality systems in design/development, production, installation and servicing.

Cipher One

CipherONE® Optimized Network Encryption

Our solutions meet TCC's CipherONE Optimized Network Encryption best-in-class criteria for maximum cryptographic strength, and are optimized for performance and ease of use for our customers.

Read More